Gateway

Operation Through Firewalls

Users of the Citrix Gateway plug-in are sometimes located inside another organization’s firewall, as shown in the following figure:

Figure 1. Connection from user device through two internal firewalls


NAT firewalls maintain a table that allows them to route secure packets from Citrix Gateway back to the user device. For circuit-oriented connections, Citrix Gateway maintains a port-mapped, reverse NAT translation table. The reverse NAT translation table enables Citrix Gateway to match connections and send packets back over the tunnel to the user device with the correct port numbers so that the packets return to the correct application.
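The following Python sketch models the port-mapped reverse translation table described above. It is an added illustration, not Citrix code and not a description of the product's internals. The class and field names, tunnel identifiers, port range, and addresses are assumptions made for the example.

```python
from typing import Dict, NamedTuple, Optional, Tuple

class Flow(NamedTuple):
    tunnel_id: str    # assumed identifier for the user's tunnel
    client_port: int  # source port chosen by the application on the user device
    dst_ip: str
    dst_port: int

class ReverseNatTable:
    """Illustrative model: each tunnelled flow gets its own gateway-side port."""

    def __init__(self, first_port: int = 20000, last_port: int = 20003):
        self._free = list(range(last_port, first_port - 1, -1))  # pop() yields lowest
        self._out: Dict[Flow, int] = {}                      # flow -> gateway port
        self._back: Dict[Tuple[int, str, int], Flow] = {}    # reply key -> flow

    def outbound(self, flow: Flow) -> int:
        """Return the gateway source port for a flow, allocating one if it is new."""
        if flow in self._out:
            return self._out[flow]
        if not self._free:
            raise RuntimeError("translation port pool exhausted")
        gw_port = self._free.pop()
        self._out[flow] = gw_port
        self._back[(gw_port, flow.dst_ip, flow.dst_port)] = flow
        return gw_port

    def inbound(self, gw_port: int, src_ip: str, src_port: int) -> Optional[Tuple[str, int]]:
        """Match a reply to its flow: (tunnel, original client port), or None to drop."""
        flow = self._back.get((gw_port, src_ip, src_port))
        return (flow.tunnel_id, flow.client_port) if flow else None

    def close(self, flow: Flow) -> None:
        """Remove a finished connection and return its port to the pool."""
        gw_port = self._out.pop(flow, None)
        if gw_port is not None:
            del self._back[(gw_port, flow.dst_ip, flow.dst_port)]
            self._free.append(gw_port)

def demo():
    table = ReverseNatTable()
    a = Flow("tunnel-alice", 51000, "10.0.0.5", 443)  # constructed sample flows
    b = Flow("tunnel-bob", 51000, "10.0.0.5", 443)    # same client port, other user
    pa, pb = table.outbound(a), table.outbound(b)
    replies = [table.inbound(pa, "10.0.0.5", 443), table.inbound(pb, "10.0.0.5", 443),
               table.inbound(pb, "10.0.0.9", 443)]    # reply from an unexpected source
    table.close(a)
    return pa, pb, replies, table.inbound(pa, "10.0.0.5", 443)
```

In this model, two users whose applications picked the same local port still receive distinct gateway-side ports, and a reply that matches no table entry (wrong source address, or a connection already closed) is not forwarded into any tunnel.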
